HPE Community
Operating System - Linux
1823399 Members
2630 Online
109655 Solutions
New Discussion юеВ

Re: dns configuration

 
Fadia Almarei
Super Advisor

тАО11-20-2006 07:59 AM

тАО11-20-2006 07:59 AM

dns configuration

Dear All
i have a redhat linux server which had a private IP and a public IP (NAT) , i try to configure this aerver as a secondary dns server , i installed the bind add and do all the configuration needed from the primary dns server side , when i start the bind service the to get the zones trasfair my primary dns IP try to deal with the secondary server private IP and the zones trasfair did not complete , what is the cause for this problem and how to solve it.

BR;
fadia
fadia.marei
0 Kudos
Reply
15 REPLIES 15
Patrick Terlisten
Honored Contributor

тАО11-20-2006 08:28 AM

тАО11-20-2006 08:28 AM

Re: dns configuration

Hello Fadia,

which version von RedHat Linux did you use for your server. Please post the content of the "options" section of your named.conf. Is there an entry like this?

listen-on port 53 { 127.0.0.1; 192.168.20.2; };

With this entry you can tell you named on which interfaces it should listen.

Regards,
Patrick
Best regards,
Patrick
0 Kudos
Reply
Fadia Almarei
Super Advisor

тАО11-20-2006 11:02 PM

тАО11-20-2006 11:02 PM

Re: dns configuration

the OS is Redhat Enterprise Linux AS v.4 , and the options for it in the named.conf file .
options {
directory "/var/named";
allow-transfer { 212.14.224.1 ; };
# query-source address * port 53;
fadia.marei
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

тАО11-20-2006 11:19 PM

тАО11-20-2006 11:19 PM

Re: dns configuration

What do you see in /var/log/messages ?
generally the information wirtten there is very usefull (especially when dealing with DNS).
0 Kudos
Reply
Fadia Almarei
Super Advisor

тАО11-20-2006 11:24 PM

тАО11-20-2006 11:24 PM

Re: dns configuration

this what i have
Nov 21 14:22:26 localhost named[10696]: starting BIND 9.3.2-P2
Nov 21 14:22:26 localhost named[10696]: loading configuration from '/etc/named.conf'
Nov 21 14:22:26 localhost named[10696]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 21 14:22:26 localhost named[10696]: listening on IPv4 interface eth0, 10.100.20.230#53
Nov 21 14:22:26 localhost named[10696]: listening on IPv4 interface eth0:0, 195.68.208.230#53
Nov 21 14:22:26 localhost named[10696]: listening on IPv4 interface eth1, 10.100.20.231#53
Nov 21 14:22:26 localhost named[10696]: none:0: open: /etc/rndc.key: file not found
Nov 21 14:22:26 localhost named[10696]: /etc/named.conf:19: couldn't install keys for command channel 195.68.208.230#953: file not found
Nov 21 14:22:26 localhost named[10696]: /etc/named.conf:19: couldn't add command channel 195.68.208.230#953: file not found
Nov 21 14:22:26 localhost named[10696]: zone 0.0.127.in-addr.arpa/IN: has no NS records
Nov 21 14:22:26 localhost named[10696]: running
Nov 21 14:22:27 localhost named[10696]: zone paltel.net/IN: Transfer started.
Nov 21 14:22:27 localhost named[10696]: transfer of 'paltel.net/IN' from 212.14.224.1#53: connected using 10.100.20.230#33347

fadia.marei
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО11-20-2006 11:57 PM

тАО11-20-2006 11:57 PM

Re: dns configuration

I see some rndc minimal errors, for that see:

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-rndc.html

Can you do a traceroute to the primary DNS server? I don't understand why is trying to connect using private ip as source address.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

тАО11-21-2006 12:13 AM

тАО11-21-2006 12:13 AM

Re: dns configuration

There's an error in you /etc/named.conf file on line 19.
Can you post your named.conf file?
0 Kudos
Reply
Fadia Almarei
Super Advisor

тАО11-21-2006 12:32 AM

тАО11-21-2006 12:32 AM

Re: dns configuration


options {
directory "/var/named";
allow-transfer { 212.14.224.1 ; };
query-source address 195.68.208.230 port 53;
#listen-on port 53 { 127.0.0.1; 195.68.208.230; };

};

key "rndc-key" {
algorithm hmac-md5;
secret "MjPngJNvWhd3u9hW0/eWWw==";
};

controls {
inet 195.68.208.230 port 953
allow { 195.68.208.230; } keys { "rndc-key"; };
};


zone "." in {
type hint;
file "root.hints";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "zone/db.127.0.0";
};

zone "paltel.net" in {

type slave;
file "zone/db.paltel.net";
masters { 212.14.224.1; };
#allow-notify { 212.14.224.1; };
};
fadia.marei
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

тАО11-21-2006 12:41 AM

тАО11-21-2006 12:41 AM

Re: dns configuration

Do you use chrooted bind?
Do you have the directories/files in write places?
It's hard to see what line is 19, so can you please post just that line?
0 Kudos
Reply
Fadia Almarei
Super Advisor

тАО11-21-2006 12:59 AM

тАО11-21-2006 12:59 AM

Re: dns configuration

ther is no chrooted
fadia.marei
0 Kudos
Reply
George Liu_4
Trusted Contributor

тАО11-21-2006 06:18 AM

тАО11-21-2006 06:18 AM

Re: dns configuration

Said enough.

Nov 21 14:22:26 localhost named[10696]: none:0: open: /etc/rndc.key: file not found
Nov 21 14:22:26 localhost named[10696]: /etc/named.conf:19: couldn't install keys for command channel 195.68.208.230#953: file not found
Nov 21 14:22:26 localhost named[10696]: /etc/named.conf:19: couldn't add command channel 195.68.208.230#953: file not found
0 Kudos
Reply
Fadia Almarei
Super Advisor

тАО11-22-2006 12:46 AM

тАО11-22-2006 12:46 AM

Re: dns configuration

the thing that i want to change the IP that the transfare work at

Nov 22 15:43:28 localhost named[13720]: transfer of 'paltel.net/IN' from 212.14.224.1#53: connected using 10.100.20.230#48521


from the IP 10.100.20.230 to another IP which is the NAT IP , how can I do this


fadia.marei
0 Kudos
Reply
George Liu_4
Trusted Contributor

тАО11-22-2006 03:18 AM

тАО11-22-2006 03:18 AM

Re: dns configuration

If your routing can see the private IP, you don't need to worry about the NAT, assuming DNS ports are open.

The problem seems some rndc configuration files are missing
0 Kudos
Reply
Fadia Almarei
Super Advisor

тАО11-22-2006 03:29 AM

тАО11-22-2006 03:29 AM

Re: dns configuration

port 53 is opened from the NAT IP to the primary server , but what you meen by the route is opened from my IP to thr private IP , that my primary dns server and the private server on a different network.\
fadia.marei
0 Kudos
Reply
George Liu_4
Trusted Contributor

тАО11-22-2006 03:46 AM

тАО11-22-2006 03:46 AM

Re: dns configuration

Assuming the following scenario is correct,

You have a work DNS server which is in public site with a public IP;
You want to create a seconary DNS server that is dual-homed with one public IP and one private IP;
You have problem on the second DNS sever.

Then your DNS zone transferring traffic should flow through the public IP only. port 53 (udp and tcp) or whatever port you configured should be open on both PUBLIC IPs.
0 Kudos
Reply
Fadia Almarei
Super Advisor

тАО11-22-2006 03:49 AM

тАО11-22-2006 03:49 AM

Re: dns configuration

ok this is exactly my case and the port is opened between the two public IPs but i face the same problem of zones transfair
fadia.marei
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.